Ditching those usernames, passwords using Traitware

Bert Spencer began working on Traitware in 2012. His idea was to develop a multifactor security system that eliminates the need for digital users to access accounts with usernames and passwords.Stephen Roberson/sroberson@theunion.com |

According to Bert Spencer, if Traitware was widely used the past few years, Hillary Clinton may be president.

The new software company started by Spencer in 2012 in conjunction with Grass Valley’s Economic Resource Council addresses an increasingly critical problem in all aspects of life — cyber security — by eliminating the need for usernames and passwords.

“It really makes addressing the use of usernames and passwords a No. 1 priority for stopping a lot of the data breeches taking place,” Spencer said. “The phishing attack on the Democratic party was all based on stealing usernames and passwords. If they’d been using a multifactor authentication like Traitware that data breach would not have happened.”

Compromised usernames and passwords account for 63 percent of all data breaches, according to a 2016 Verizon study. Spencer’s app, which just received $1 million in funding, instead uses a series of frictionless security measures to authenticate users.

Once a user has been authenticated, access to various websites and accounts is seamless – no usernames or passwords are necessary.

LUCRATIVE POSSIBILITIES

Spencer wouldn’t say what his financial goals are, but he’s shooting for 30 million users within four years and plans on generating revenue this year. The product is already in the process of going to market.

“We’ve set a rather aggressive sales goal for the next four years,” he said. “It’s in the multimillions.”

He did drop some hints for those choosing to do the math. There are 250 billion smartphones worldwide. His goal is to get 10 percent of those using Traitware.

“How much would you pay a year to eliminate your passwords,” he asked. “We’re figuring at least $6 per user. You can take that times 250 million and you can see what the sales goal will eventually get to.”

A $6 fee per user is well worth protecting, in some cases, billions in assets, Spencer said.

“Security and accounts, that information is vital,” ERC Director Jon Gregory said. “You think about companies that have not 10 employees or 100 employees but thousands of employees or tens of thousands of employees. Now you’ve got business with this technology that can literally be used by millions of employees that work for these institutions that can be implemented very quickly … If they can solve that dilemma, they’re going to save those institutions a lot of money.”

HOW IT WORKS

The multi-factor system starts with something only the user possesses, such as a laptop or mobile phone.

The software identifies your device through its user traits like contact names, phone numbers and music library song titles, and device traits like operating system, screen resolution, device name, mobile country code and mobile network code.

Even with a 40 percent change — deleting programs, adding phone numbers, adding apps — Traitware can identify any device by a factor of one in 300 billion.

Add in other authentication factors — thumbprints and a sequence of photos the user identifies, usually choosing four of 24 pictures available — breaching one’s username and password becomes virtually impossible.

Spencer started with voice verification, which is still an additional option, but using it in noisy surroundings can be problematic.

“The numbers get to be astronomical,” Spencer said. “We can make it really astronomical because of the (photo sequence). We can make it so the user chooses six out of 72 pictures.”

CONVENIENCE

Face it, most people are tired of usernames and passwords.

If it’s a bank account or an email address, usernames and passwords are generally easy to remember. But what about flowers.com or eBay? You may use these sights on a semi-regular basis, but not often enough to remember your personal login information.

Lists are created and lost. Users are forced through the cumbersome process of retrieving new login information using their email address then waiting for instructions on resetting their password. And what if they forgot the email address they used to sign up? It’s a hassle.

“I was just using one of my web-based accounts and for the life of me I hadn’t used it in a couple of years,” Gregory said. “I use a different computer now, so it didn’t store on any kind of record the username and password I had a couple years ago. It was a major hassle to try to think through the three or five or 10 different passwords I typically use. It cost me time and frustration.”

“Agent credentials are stolen and escrow instructions are stolen,” Spencer said of the need in the real estate industry. ”You end up with deposits for houses wired into the wrong accounts. It’s a real problem. Integration is really going to open the door for us in a lot of markets.”